Malware Dynamic Analysis with Ring3 API Hook Scanner
Ring3 API Hook Scanner by NoVirusThanks.org that is gmer a like and detects API Hooking inside the kernel. This tool logs the executable responsible for hooking and the the API that is being hooked.
Dynamic Analysis Tool Lists
The Ring3 API Hook Scanner has a set of categories.
One is the one who owns or hooks the API module.
The other is the API name.
In our case, the image below shows how Ring3 detects Win32.AgentTesla.exe hooks DeleteFileW API.